Can OTRS have customers from AD without being User object?

Moderator: crythias

ericchaves
Znuny newbie
Posts: 21
Joined: 15 Oct 2010, 16:10
Znuny Version: 2.4.8

Can OTRS have customers from AD without being User object?

Post by ericchaves »

Hi Folks,

I'm new to OTRS and I'm trying to integrate it with our company AD for Customer Backend. For that I created a group called OTRS_Users (not the best name, I know) and added the users from AD to that group. So far so good.

What I'd like to do now is to add Contact objects to this group in order to work with people outside of my company. My problem is no matter what I do I can't make those objects show up as customers.

The Config.pm I'm using is listed below.

What should I do in order to have it working?

Thanks in advance.
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2010 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.23 2010/01/13 22:25:00 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> OTRS does have a lot of config settings. For more settings
# (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
# LDAP, PostMaster, Session, Preferences, ...) see
# Kernel/Config/Defaults.pm and copy your wanted lines into "this"
# config file. This file will not be changed on update!
#
# --

package Kernel::Config;

sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# Start of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #

$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '10.0.3.11';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=supermeios,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'OTRS';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'secret';
#$Self->{'AuthModule::LDAP::AlwaysFilter'} = '(&(objectclass=user)(mail=*))';

# (e. g. user needs to be in a group OTRS_Agents to use otrs)
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Agents,ou=Groups,dc=supermeios,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#$Self->{'AuthSyncModule::LDAP::AlwaysFilter'} = '(&(objectclass=user)(mail=*))';

$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '10.0.3.11';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=supermeios,dc=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'OTRS';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'secret';

$Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=OTRS_Users,ou=Groups,dc=supermeios,dc=com';
$Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(memberOf=CN=OTRS_Users,OU=Groups,DC=supermeios,DC=com)';

$Self->{CustomerUser} = {
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => '10.0.3.11',
        BaseDN => 'dc=supermeios,dc=com',
        SSCOPE => 'sub',
        UserDN => 'OTRS',
        UserPw => 'secret',
        AlwaysFilter => '(memberOf=CN=OTRS_Users,OU=Groups,DC=supermeios,DC=com)',
    },
    ReadOnly => 1,
    CustomerKey => 'sAMAccountName',
    CustomerID => '[customer_id]',
    CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    AlwaysFilter => '(memberof=CN=OTRS_Users,OU=Groups,DC=supermeios,dc=com)',
    Map => [
        # note: Login, Email and CustomerID needed!
        # var, frontend, storage, shown, required, storage-type
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
        [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
        [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
        [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
        [ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
    ],
};

# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# DatabaseHost
# (The database host.)
$Self->{'DatabaseHost'} = 'localhost';
# Database
# (The database name.)
$Self->{'Database'} = 'otrs';
# DatabaseUser
# (The database user.)
$Self->{'DatabaseUser'} = 'otrs';
# DatabasePw
# (The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords.)
$Self->{'DatabasePw'} = 'otrs';
# DatabaseDSN
# (The database DSN for MySQL ==> more: "man DBD::mysql")
$Self->{DatabaseDSN} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost};";

# (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a tcpip connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";

# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';

# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;

# ---------------------------------------------------- #

# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
$Self->{'DefaultCharset'} = 'utf-8';

# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# End of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this) #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.23 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: Can OTRS have customers from AD without being User objec

Post by ferrosti »

Make sure your contacts are members of

Code:

$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '(memberOf=CN=OTRS_Users,OU=Groups,DC=supermeios,DC=com)';
Your contacts will not have a

Code:

CustomerKey => 'sAMAccountName',
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
ericchaves
Znuny newbie
Posts: 21
Joined: 15 Oct 2010, 16:10
Znuny Version: 2.4.8

Re: Can OTRS have customers from AD without being User objec

Post by ericchaves »

Hi Ferrosti,

Thanks!! Adjusting the CustomerKey did the trick! For the record, I first tried to map CustomerKey to ObjectGUID but it seems that some of the values may have invalid characters, so I ended up using the mail as CustomerKey and all went well.

Best regards,

Eric
ferrosti
Znuny superhero
Posts: 723
Joined: 10 Oct 2007, 14:30
Znuny Version: 3.0
Location: Hamburg, Germany

Re: Can OTRS have customers from AD without being User objec

Post by ferrosti »

Watch out with this one! There might be contacts without mail in your AD.
I've had this issue with some agents and therefore I had to switch to 'userprincipalname' to automatically fake a unique mail address.
To have everything fine you could implement two customer backends with different filters. One for normal customers and one for contacts only.
openSuSE on ESX
IT-Helpdesk: OTRS 3.0
Customer Service: OTRS 3.0 (upgraded from 2.3)
Customer Service (subsidiary): OTRS 3.0
+additional test and development systems
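
The two-backend layout suggested in the post above, as an added example that is not code from the thread or from the OTRS project. It is a fragment for the body of Load() in Kernel/Config.pm; host, DNs and the bind account repeat the values posted earlier, while the Name labels and the objectClass filters are assumptions to adapt.

```perl
# Added example: one LDAP customer backend per AD object type.
# Name labels and objectClass filters are assumptions, not from the thread.
my $Group = 'CN=OTRS_Users,OU=Groups,DC=supermeios,DC=com';

my %Backend = (
    # AD user objects: have sAMAccountName and a password, so they can log in.
    CustomerUser => {
        Name   => 'AD users',
        Key    => 'sAMAccountName',
        Filter => "(&(objectClass=user)(memberOf=$Group))",
    },
    # AD contact objects: no sAMAccountName, so key on mail and skip
    # entries without a mail value so the key is never empty.
    CustomerUser1 => {
        Name   => 'AD contacts',
        Key    => 'mail',
        Filter => "(&(objectClass=contact)(mail=*)(memberOf=$Group))",
    },
);

for my $Slot ( sort keys %Backend ) {
    my $B = $Backend{$Slot};
    $Self->{$Slot} = {
        Name   => $B->{Name},
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host         => '10.0.3.11',
            BaseDN       => 'dc=supermeios,dc=com',
            SSCOPE       => 'sub',
            UserDN       => 'OTRS',
            UserPw       => 'secret',    # placeholder, as in the post
            AlwaysFilter => $B->{Filter},
        },
        ReadOnly                           => 1,
        CustomerKey                        => $B->{Key},
        CustomerID                         => 'mail',
        CustomerUserListFields             => [ $B->{Key}, 'cn', 'mail' ],
        CustomerUserSearchFields           => [ $B->{Key}, 'cn', 'mail' ],
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields             => [ 'givenname', 'sn' ],
        Map => [
            [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var' ],
            [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var' ],
            [ 'UserLogin',      'Login',      $B->{Key},   1, 1, 'var' ],
            [ 'UserEmail',      'Email',      'mail',      1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail',      0, 1, 'var' ],
        ],
    };
}
```

Customer::AuthModule stays bound to the user objects; entries served by the contacts backend can be looked up and matched on incoming mail, but they have no password to authenticate with.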
ericchaves
Znuny newbie
Posts: 21
Joined: 15 Oct 2010, 16:10
Znuny Version: 2.4.8

Re: Can OTRS have customers from AD without being User objec

Post by ericchaves »

Thanks for the alert!!

In the end I gave up on this idea. Only later I realized contacts wouldn't be able to log on to the customer frontend, since they don't have a password.

Cheers,
ferrosti wrote: Watch out with this one! There might be contacts without mail in your AD.
I've had this issue with some agents and therefore I had to switch to 'userprincipalname' to automatically fake a unique mail address.
To have everything fine you could implement two customer backends with different filters. One for normal customers and one for contacts only.